Professor Messer, SY0-601, Practice Exam B

Warning: this test will automatically terminate at the end of 90 minutes, in order to simulate the actual amount of time given on the CompTIA test.

SY0-601 - Security+ - Exam B

1 / 85 A security administrator would like to test a server to see if a specific vulnerability exists. Which of the following would be the BEST choice for this task?
- Netcat
- Metasploit
- FTK Imager
- Autopsy

2 / 85 A Linux administrator has received a ticket complaining of response issues with a database server. After connecting to the server, the administrator views this information:

    Filesystem  Size  Used  Avail  Use%  Mounted on
    /dev/xvda1  158G  158G  0      100%  /

Which of the following would BEST describe this information?
- SQL injection
- Race condition
- Buffer overflow
- Resource exhaustion

3 / 85 A security administrator has identified the installation of a RAT on a database server and has quarantined the system. Which of the following should be followed to ensure that the integrity of the evidence is maintained?
- Chain of custody
- Perfect forward secrecy
- Legal Hold
- Non-repudiation

4 / 85 A manager of the accounting department would like to minimize the opportunity for embezzlement and fraud from any of the current accounting team employees. Which of these policies should the manager use to avoid these issues?
- Background checks
- Clean desk policy
- Acceptable use policy
- Mandatory vacations

5 / 85 A company would like to automate their response when a virus is detected on company devices. Which of the following would be the BEST way to implement this function?
- SOAR
- Vulnerability scan
- Active footprinting
- IaaS

6 / 85 Which of the following BEST describes the modification of application source code that removes white space, shortens variable names, and rearranges the text into a compact format?
- Encryption
- Obfuscation
- Confusion
- Diffusion

7 / 85 A security administrator is updating the network infrastructure to support 802.1X authentication. Which of the following would be the BEST choice for this configuration?
- SNMPv3
- LDAP
- HTTPS
- MS-CHAP

8 / 85 A system administrator is implementing a password policy that would require letters, numbers, and special characters to be included in every password. Which of the following controls MUST be in place to enforce this password policy?
- Reuse
- Complexity
- Length
- Lockout

9 / 85 A company has identified a compromised server, and the security team would like to know if an attacker has used this device to move between systems. Which of the following would be the BEST way to provide this information?
- DNS server logs
- Email header
- NetFlow Logs
- Penetration test

10 / 85 A security administrator has created a new policy that prohibits the use of MD5 hashes due to a collision problem. Which of the following describes the reason for this new policy?
- Two different messages share the same hash
- The original message can be derived from the hash
- Two identical messages have the same hash
- Two different messages have different hashes

11 / 85 To process the company payroll, a manager logs into a third-party browser-based application and enters the hours worked for each employee. The financial transfers and physical check mailings are all provided by the third-party company. The manager does not maintain any servers or virtual machines within his company. Which of the following would BEST describe this application model?
- Private
- IaaS
- SaaS
- PaaS

12 / 85 An online retailer is planning a penetration test as part of their PCI DSS validation. A third-party organization will be performing the test, and the online retailer has provided the Internet-facing IP address for their public web servers but no other details. What penetration testing methodology is the online retailer using?
- Partially known environment
- Known environment
- Ping scan
- Passive footprinting

13 / 85 A system administrator would like to segment the network to give the marketing, accounting, and manufacturing departments their own private network. The network communication between departments would be restricted for additional security. Which of the following should be configured on this network?
- RBAC
- NAT
- VLAN
- VPN

14 / 85 Which of the following would be the best way to describe the estimated number of laptops that might be stolen in a fiscal year?
- ALE (Annual Loss Expectancy)
- ARO (Annualized Rate of Occurrence)
- MTTR (Mean Time to Repair)
- SLE (Single Loss Expectancy)

15 / 85 A hacker is planning an attack on a large corporation. Which of the following would provide the attacker with details about the company's domain names and IP addresses?
- Vulnerability databases
- Automated indicator sharing
- Open-source intelligence (OSINT)
- Information sharing center

16 / 85 Which of the following vulnerabilities would be the MOST significant security concern when protecting against a competitor?
- Data center access with only one authentication method
- Spoofing of internal IP addresses when accessing an intranet server
- Employee VPN access uses a weak encryption cipher
- Lack of patch updates on an Internet-facing database server

17 / 85 While working from home, users are attending a project meeting over a web conference. When typing in the meeting link, the browser is unexpectedly directed to a different website than the web conference. Users in the office do not have any issues accessing the conference site. Which of the following would be the MOST likely reason for this issue?
- Wireless disassociation
- DDoS
- Bluejacking
- DNS poisoning

18 / 85 An organization has identified a security breach and has removed the affected servers from the network. Which of the following is the NEXT step in the IR process?
- Containment
- Identification
- Preparation
- Eradication
- Recovery

19 / 85 An organization has traditionally purchased insurance to cover a ransomware attack, but the costs of maintaining the policy have increased above the acceptable budget. The company has now decided to cancel the insurance policies and deal with ransomware issues internally. Which of the following would best describe this action?
- Mitigation
- Transference
- Acceptance
- Risk-avoidance

20 / 85 A security administrator has discovered that an employee has been exfiltrating confidential company information by embedding the data within image files and emailing the images to a third-party. Which of the following would best describe this activity?
- Steganography
- Perfect forward secrecy
- Digital signatures
- Block cipher

21 / 85 A security administrator is designing a storage array that would maintain an exact replica of all data without striping. The array needs to operate normally if a single drive was to fail. Which of the following would be the BEST choice for this storage system?
- RAID 0
- RAID 10
- RAID 5
- RAID 1

22 / 85 A security administrator has been asked to create a policy that would prevent access to a secure area of the network. All users who are not physically located in the corporate headquarters building would be prevented from accessing this area. Which of these should the administrator use?
- Proxy
- VPN
- Geofencing
- WAF

23 / 85 A company has rolled out a new application that requires the use of a hardware-based token generator. Which of the following would be the BEST description of this access feature?
- Something you have
- Something you know
- Something you do
- Something you are

24 / 85 An application developer is creating a mobile device app that will include extensive encryption and decryption. Which of the following technologies would be the BEST choice for this app?
- PGP
- AES
- Diffie-Hellman
- Elliptic curve

25 / 85 A recent audit has determined that many IT department accounts have been granted Administrator access.
The audit recommends replacing these permissions with limited access rights. Which of the following would BEST describe this policy?
- Discretionary Access Control
- Offboarding
- Separation of duties
- Least privilege

26 / 85 A user in the marketing department is unable to connect to the wireless network. After authenticating with a username and password, the user receives this message:

    -- -- --
    The connection attempt could not be completed.
    The Credentials provided by the server could not be validated.
    Radius Server: radius.example.com
    Root CA: Example.com Internal CA Root Certificate
    -- -- --

The AP is configured with WPA3 encryption and 802.1X authentication. Which of the following is the MOST likely reason for this login issue?
- The user's computer does not support WPA3 encryption
- The user's computer is in the VLAN
- The user is in a location with an insufficient wireless signal
- The RADIUS server is not responding
- The client computer does not have the proper certificate installed

27 / 85 Which of the following would be the MOST likely result of plaintext application communication?
- Replay attack
- Buffer overflow
- Resource exhaustion
- Directory traversal

28 / 85 A security administrator attends an annual industry convention with other security professionals from around the world. Which of the following attacks would be MOST likely in this situation?
- Watering hole
- Impersonation
- Smishing
- Supply chain

29 / 85 A security administrator is researching an issue with conference room users at a remote site. When connected to the wireless network, users receive an IP address that is not part of the corporate addressing scheme. Communication over this network also appears to have slower performance than the wireless connections elsewhere in the building. Which of the following would be the MOST likely reason for these issues?
- Domain hijack
- DDoS
- Rogue access point
- MAC flooding

30 / 85 A technician at an MSP has been asked to manage devices on a third-party private network.
The technician needs command line access to internal routers, switches, and firewalls. Which of the following would provide the necessary access?
- NAC
- HSM
- Jump server
- Air gap

31 / 85 Which of the following would be considered multi-factor authentication?
- Face scan and voiceprint
- Username, password, and email address
- PIN and fingerprint
- USB token and smart card

32 / 85 A security engineer is preparing to conduct a penetration test. Part of the preparation involves reading through social media posts for information about a third-party website. Which of the following describes this practice?
- Active footprinting
- Partially known environment
- OSINT
- Exfiltration

33 / 85 Your company owns a purpose-built appliance that does not provide any access to the operating system and doesn't provide a method to upgrade the firmware. Which of the following describes this appliance?
- Embedded system
- End-of-life
- Improper input handling
- Weak configuration

34 / 85 A security administrator would like to create an access control where each file or folder is assigned a security clearance level, such as 'confidential' or 'secret'. The security administrator would then assign a maximum security level to each user. What type of access control would be used in this network?
- Rule-based
- Role-based
- Discretionary
- Mandatory

35 / 85 Sam, a security administrator, is configuring the authentication process used by technicians when logging into a router. Instead of using accounts that are local to the router, Sam would like to pass all login requests to a centralized database. Which of the following would be the BEST way to implement this requirement?
- PAP
- IPsec
- RADIUS
- MS-CHAP

36 / 85 Which of the following would be a common result of a successful vulnerability scan?
- A copy of image files from a private file share
- A list of Microsoft patches that have not been applied to a server
- The BIOS configuration of a server
- A list of usernames and password hashes from a server

37 / 85 A user in the mail room has reported an overall slowdown of his shipping management software. An anti-virus scan did not identify any issues, but a more thorough malware scan identified a kernel driver that was not part of the original operating system installation. Which of the following malware was installed on this system?
- Bot
- Rootkit
- Keylogger
- Ransomware
- RAT

38 / 85 Which of the following would be the BEST way to determine if files have been modified after the forensics data acquisition process has occurred?
- Create a hash of the data
- Take screenshots of file directories with file sizes
- Create an image of each storage device for future comparison
- Use a tamper seal on all the storage devices

39 / 85 A security administrator has found a keylogger installed alongside an update of accounting software. Which of the following would prevent the transmission of the collected logs?
- Block all unknown outbound network traffic at the Internet firewall
- Install host-based anti-virus software
- Scan all incoming email attachments at the email gateway
- Prevent the installation of all software

40 / 85 A government transport service has installed access points that support WPA3. Which of the following technologies would provide enhanced security for PSK while using WPA3?
- WEP
- 802.1X
- WPS
- SAE

41 / 85 Which of the following would be the BEST way to protect credit card account information when performing real-time purchase authorizations?
- Tokenization
- DLP
- Masking
- NGFW

42 / 85 Which of the following would be the BEST option for application testing in an environment that is completely separated from the production network?
- Air Gap
- Cloud Computing
- VLANs
- Virtualization

43 / 85 A new malware variant takes advantage of a vulnerability in a popular email client.
Once installed, the malware forwards all email attachments containing credit card information to an external email address. Which of the following would limit the scope of this attack?
- Enable MFA on the email client
- Scan outgoing traffic with DLP (data loss prevention)
- Require users to enable the VPN when using email
- Update the list of malicious URLs in the firewall

44 / 85 A company is launching a new internal application that will not start until a username and password is entered and a smart card is plugged into the computer. Which of the following BEST describes this process?
- Authentication
- Federation
- Accounting
- Authorization

45 / 85 If a person is entering a data center facility, they must check in before they are allowed to move further into the building. People who are leaving must be formally checked out before they are able to exit the building. Which of the following would BEST facilitate this process?
- Access control vestibule
- Faraday cage
- Air gap
- Protected distribution

46 / 85 A virus scanner has identified a macro virus in a word processing file attached to an email. Which of the following information could be obtained from the metadata of this file?
- Operating system version
- Date and time when the file was created
- Alert disposition
- IPS signature name and number

47 / 85 Which of the following would limit the type of information a company can collect from their customers?
- Anonymization
- Masking
- Tokenization
- Minimization

48 / 85 An attacker has created many social media accounts and is posting information in an attempt to get the attention of the media. Which of the following would BEST describe this attack?
- Watering hole
- Influence campaign
- Phishing
- On-path

49 / 85 A company has been informed of a hypervisor vulnerability that could allow users on one virtual machine to access resources on another virtual machine. Which of the following would BEST describe this vulnerability?
- Service integration
- SDN
- Containerization
- VM escape

50 / 85 A user in the accounting department has received an email from the CEO requesting payment for a recently purchased tablet. However, there doesn't appear to be a purchase order associated with this request. Which of the following would be the MOST likely attack associated with this email?
- Invoice scam
- Spear phishing
- Credential harvesting
- Watering hole attack

51 / 85 A shipping company stores information in small regional warehouses around the country. The company keeps an IPS online at each warehouse to watch for suspicious traffic patterns. Which of the following would BEST describe the security control used at the warehouse?
- Detective
- Compensating
- Managerial
- Physical

52 / 85 A transportation company has moved their reservation system to a cloud-based infrastructure. The security manager would like to monitor data transfers, identify potential threats, and ensure that all data transfers are encrypted. Which of the following would be the BEST choice for these requirements?
- CASB
- DLP
- NGFW
- VPN

53 / 85 A company has connected their wireless access points and has enabled WPS. Which of the following security issues would be associated with this configuration?
- Spoofing
- Brute force
- Cryptographic vulnerability
- Client hijacking

54 / 85 A security engineer is running a vulnerability scan on their own workstation. The scanning software is using the engineer's account access to perform all scans. What type of scan is running?
- Passive
- Credentialed
- Unknown environment
- Agile

55 / 85 Which of these threat actors would be the MOST likely to deface a website to promote a political agenda?
- Hacktivist
- Competitor
- Nation state
- Organized crime

56 / 85 A security manager believes that an employee is using their laptop to circumvent the corporate Internet security controls through the use of a cellular hotspot. Which of the following could be used to validate this belief?
(Select TWO)
- Host-based firewall logs
- Web application firewall events
- Next-generation firewall logs
- HIPS
- UTM appliance logs

57 / 85 A third-party vulnerability scan reports that a company's web server software version is susceptible to a memory leak vulnerability. Which of the following would be the expected result if this vulnerability was exploited?
- Data Theft
- Unauthorized system access
- DDoS
- Rootkit installation

58 / 85 A security administrator has performed an audit of the organization's production web servers, and the results have identified banner information leakage, web services running from a privileged account, and inconsistencies with SSL certificates. Which of the following would be the BEST way to resolve these issues?
- Server hardening
- Run operating system updates
- Multi-factor authentication
- Enable HTTPS

59 / 85 The Vice President of Sales has asked the IT team to create daily backups of the sales data. The Vice President is an example of a:
- Data steward
- Data owner
- Data processor
- Data protection officer

60 / 85 A financial services company is headquartered in an area with a high occurrence of tropical storms and hurricanes. Which of the following would be MOST important when restoring services disabled by a storm?
- Stakeholder management
- Disaster recovery plan
- Communication plan
- Retention plan

61 / 85 Which of the following applies scientific principles to provide a post-event analysis of an intrusion?
- ISO 27701
- Diamond model
- NIST RMF
- MITRE ATT&CK framework

62 / 85 A manufacturing company makes radar used by commercial and military organizations. A recently proposed policy change would allow the use of mobile devices inside the facility. Which of the following would be the MOST significant security issue associated with this change in policy?
- Photo and video use
- Out of date mobile operating systems
- Unauthorized software on rooted devices
- Remote access clients on the mobile devices

63 / 85 A security administrator has identified a DoS attack against the company's web server from an IPv4 address on the Internet. Which of the following security tools would provide additional details about the attacker's location? (Select TWO)
- arp
- netcat
- ipconfig
- dig
- ping
- tracert

64 / 85 Which of the following would be the MAIN reasons why a system administrator would use a TPM when configuring full disk encryption? (Select TWO)
- Uses burned-in cryptographic keys
- Protects against EMI leakage
- Includes built-in protections against brute-force attacks
- Allows the encryption of multiple volumes
- Stores certificates in a hardware security module

65 / 85 A recent security audit has discovered email addresses and passwords located in a packet capture. Which of the following did the audit identify?
- Improper patch management
- Open ports
- Weak encryption
- Insecure protocols

66 / 85 Which of the following control types is associated with a bollard?
- Corrective
- Compensating
- Physical
- Detective

67 / 85 An IPS report shows a series of exploit attempts were made against externally facing web servers. The system administrator of the web servers has identified a number of unusual log entries on each system.
- Disconnect the web servers from the network
- Create a plan for removing malware from the web servers
- Disable any breached user accounts
- Check the IPS logs for any other potential attacks

68 / 85 In the past, an organization has relied on the curated Apple App Store to avoid issues associated with malware and insecure applications. However, the IT department has discovered an iPhone in the shipping department that includes applications that are not available on the Apple App Store. How did the shipping department user install these apps on their mobile device?
- Tethering
- MMS Install
- OTA updates
- Sideloading

69 / 85 A company has signed an SLA with an Internet service provider. Which of the following would BEST describe the content of this SLA?
- Customer application use will be busiest on the 15th of each month
- The customer applications use HTTPS over tcp/443
- The customer will connect to partner locations over an IPsec tunnel
- The service provider will provide 99.999% uptime

70 / 85 Daniel, a system administrator, believes that certain configuration files on a Linux server have been modified from their original state. Daniel has reverted the configurations to their original state, but he would like to be notified if they are changed again. Which of the following would be the BEST way to provide this functionality?
- WAF
- File integrity check
- HIPS
- Application allow list

71 / 85 The network design of an online women's apparel company includes a primary data center in the United States and secondary data centers in London and Tokyo. Customers place orders online via HTTPS to servers at the closest data center, and these orders and customer profiles are then centrally stored in the United States data center. The connections between all data centers are Internet links with IPsec tunnels. Fulfillment requests are sent from the United States data center to shipping locations in the customer's country. Which of the following should be the CIO's MOST significant security concern with this existing network design?
- Customer information is transferred between countries
- IPsec connects data centers over public Internet links
- The data centers are located geographically distant from each other
- Fulfillment requests are shipped within the customer's country

72 / 85 Sam, a security administrator, is configuring an IPsec tunnel to a remote site. Which protocol should she enable to protect all of the data traversing the VPN tunnel?
- ESP
- Diffie-Hellman
- AH
- SHA-2

73 / 85 A company is designing an application that will have a high demand and will require significant computing resources during the summer. During the winter, there will be little to no application use and resource use should be minimal. Which of these characteristics BEST describe this application requirement?
- Imaging
- Availability
- Elasticity
- Orchestration

74 / 85 Jack, a hacker, has identified a number of devices on a corporate network that use the username of 'admin' and the password of 'admin'. Which vulnerability describes this situation?
- Improper error handling
- NULL pointer dereference
- Weak cipher suite
- Default configuration

75 / 85 Vala, a security analyst, has received an alert from her IPS regarding active exploit attempts from the Internet. Which of the following would provide detailed information about these exploit attempts?
- Netstat
- Nessus
- Wireshark
- Nmap

76 / 85 A transportation company is installing new wireless access points in their corporate offices. The manufacturer estimates that the access points will operate an average of 100,000 hours before a hardware-related outage. Which of the following describes this estimate?
- MTBF
- MTTR
- RPO
- RTO

77 / 85 Last month, a finance company disposed of seven-year old printed customer account summaries that were no longer required for auditing purposes. A recent online search has now found that images of these documents are available as downloadable torrents. Which of the following would MOST likely have prevented this information breach?
- Pulping
- Degaussing
- Fenced garbage disposal areas
- NDA

78 / 85 Jack, a security administrator, has been tasked with hardening all of the internal web servers to prevent on-path attacks and to protect the application traffic from protocol analysis. These requirements should be implemented without changing the configuration on the client systems. Which of the following should Jack include in his project plan?
- Use IPsec for client connections
- Add DNSSEC records on the internal DNS servers
- Create a web server certificate and sign it with internal CA
- Use HTTPS over port 443 for all server communication
- Require FTPS for all transfers

79 / 85 A user in the accounting department would like to send a spreadsheet with sensitive information to a list of third-party vendors. Which of the following could be used to transfer this spreadsheet to the vendors?
- SNMPv3
- FTPS
- DNSSEC
- SRTP

80 / 85 An organization has developed an in-house mobile device app for order processing. The developers would like the app to identify revoked server certificates without sending any traffic over the corporate Internet connection. Which of the following MUST be configured to allow this functionality?
- Hierarchical CA
- CSR
- OCSP stapling
- Key escrow

81 / 85 A transportation company headquarters is located in an area with frequent power surges and outages. The security administrator is concerned about the potential for downtime and hardware failures. Which of the following would provide the most protection against these issues? Select TWO.
- Load balancing
- Dual power supplies
- Incremental backups
- UPS
- Port aggregation
- NIC teaming

82 / 85 A security administrator is designing a network to be PCI DSS compliant. Which of the following would be the BEST choice to provide this compliance?
- Implement RAID for all storage systems
- Connect a UPS to all servers
- Perform regular audits and vulnerability scans
- DNS should be available on redundant servers

83 / 85 Cameron, a security administrator, is reviewing a report that shows a number of devices on internal networks attempting to connect with servers in the data center network. Which of the following security controls should Cameron add to prevent internal systems from accessing data center devices?
- VPN
- ACL
- NAT
- IPS

84 / 85 A security administrator is viewing the logs on a laptop in the shipping and receiving department and identifies these events:

    8:55:30 AM | D:\Downloads\ChangeLog-5.0.4.scr | Quarantine Success
    9:22:54 AM | C:\Program Files\Photo Viewer\ViewerBase.dll | Quarantine Failure
    9:44:05 AM | C:\Sales\Sample32.dat | Quarantine Success

Which of the following would BEST describe the circumstances surrounding these events?
- The host-based firewall blocked two traffic flows
- A network-based IPS has identified two known vulnerabilities
- The antivirus application identified three viruses and quarantined two viruses
- A host-based whitelist has blocked two applications from executing

85 / 85 A system administrator has protected a set of system backups with an encryption key. The system administrator used the same key when restoring files from this backup. Which of the following would BEST describe this encryption type?
- Key Escrow
- Asymmetric
- Out-of-band key exchange
- Symmetric